CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-24 01:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/dev' into issue/1681

Browse Source
This commit is contained in:
m0duspwnens
2020-11-11 11:39:08 -05:00
parent 5a95159ec3 fc9c31706d
commit 529da993aa
3 changed files with 97 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/elasticsearch/files/ingest/syslog
View File

@@ -13,7 +13,7 @@
}
},
{ "grok": { "field": "message", "patterns": ["<%{INT:syslog.priority}>%{DATA:syslog.timestamp} %{WORD:source.application}: %{GREEDYDATA:real_message}"], "ignore_failure": false } },
{ "set": { "if": "ctx.source.application == 'filterlog'", "field": "dataset", "value": "firewall" } },
{ "set": { "if": "ctx.source?.application == 'filterlog'", "field": "dataset", "value": "firewall" } },
{ "pipeline": { "if": "ctx.dataset == 'firewall'", "name": "filterlog" } },
{ "pipeline": { "name": "common" } }
]

96
salt/top.sls
View File

@@ -6,6 +6,13 @@
{% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %}
{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
{% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %}
{% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %}
{% set FILEBEAT = salt['pillar.get']('filebeat:enabled', True) %}
{% set KIBANA = salt['pillar.get']('kibana:enabled', True) %}
{% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %}
{% set CURATOR = salt['pillar.get']('curator:enabled', True) %}
{% set REDIS = salt['pillar.get']('redis:enabled', True) %}
{% set STRELKA = salt['pillar.get']('strelka:enabled', '0') %}
{% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
{% import_yaml 'salt/minion.defaults.yaml' as saltversion %}
@@ -51,8 +58,12 @@ base:
- suricata
- zeek
- redis
{%- if LOGSTASH %}
- logstash
{%- endif %}
{%- if FILEBEAT %}
- filebeat
{%- endif %}
- schedule
'*_sensor and G@saltversion:{{saltversion}}':
@@ -101,8 +112,12 @@ base:
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
{%- if ELASTICSEARCH %}
- elasticsearch
{%- endif %}
{%- if KIBANA %}
- kibana
{%- endif %}
- pcap
- suricata
{%- if ZEEKVER != 'SURICATA' %}
@@ -111,9 +126,15 @@ base:
{%- if STRELKA %}
- strelka
{%- endif %}
{%- if FILEBEAT %}
- filebeat
{%- endif %}
{%- if CURATOR %}
- curator
{%- endif %}
{%- if ELASTALERT %}
- elastalert
{%- endif %}
{%- if FLEETMANAGER or FLEETNODE %}
- fleet
- redis
@@ -158,12 +179,24 @@ base:
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
{%- if ELASTICSEARCH %}
- elasticsearch
{%- endif %}
{%- if LOGSTASH %}
- logstash
{%- endif %}
{%- if REDIS %}
- redis
{%- endif %}
{%- if KIBANA %}
- kibana
{%- endif %}
{%- if ELASTALERT %}
- elastalert
{%- endif %}
{%- if FILEBEAT %}
- filebeat
{%- endif %}
- utility
- schedule
{%- if FLEETMANAGER or FLEETNODE %}
@@ -207,10 +240,18 @@ base:
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
{%- if ELASTICSEARCH %}
- elasticsearch
{%- endif %}
{%- if LOGSTASH %}
- logstash
{%- endif %}
{%- if REDIS %}
- redis
{%- endif %}
{%- if KIBANA %}
- kibana
{%- endif %}
- pcap
- suricata
{%- if ZEEKVER != 'SURICATA' %}
@@ -219,9 +260,15 @@ base:
{%- if STRELKA %}
- strelka
{%- endif %}
{%- if FILEBEAT %}
- filebeat
{%- endif %}
{%- if CURATOR %}
- curator
{%- endif %}
{%- if ELASTALERT %}
- elastalert
{%- endif %}
{%- if FLEETMANAGER or FLEETNODE %}
- fleet
- fleet.install_package
@@ -248,7 +295,9 @@ base:
'*_node and I@node:node_type:parser and G@saltversion:{{saltversion}}':
- match: compound
- firewall
{%- if LOGSTASH %}
- logstash
{%- endif %}
{%- if FLEETMANAGER or FLEETNODE %}
- fleet.install_package
{%- endif %}
@@ -258,8 +307,12 @@ base:
'*_node and I@node:node_type:hot and G@saltversion:{{saltversion}}':
- match: compound
- firewall
{%- if LOGSTASH %}
- logstash
{%- endif %}
{%- if CURATOR %}
- curator
{%- endif %}
{%- if FLEETMANAGER or FLEETNODE %}
- fleet.install_package
{%- endif %}
@@ -269,7 +322,9 @@ base:
'*_node and I@node:node_type:warm and G@saltversion:{{saltversion}}':
- match: compound
- firewall
{%- if ELASTICSEARCH %}
- elasticsearch
{%- endif %}
{%- if FLEETMANAGER or FLEETNODE %}
- fleet.install_package
{%- endif %}
@@ -286,10 +341,18 @@ base:
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
{%- if ELASTICSEARCH %}
- elasticsearch
{%- endif %}
{%- if LOGSTASH %}
- logstash
{%- endif %}
{%- if CURATOR %}
- curator
{%- endif %}
{%- if FILEBEAT %}
- filebeat
{%- endif %}
{%- if FLEETMANAGER or FLEETNODE %}
- fleet.install_package
{%- endif %}
@@ -332,13 +395,28 @@ base:
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
{%- if ELASTICSEARCH %}
- elasticsearch
{%- endif %}
{%- if LOGSTASH %}
- logstash
{%- endif %}
{%- if REDIS %}
- redis
{%- endif %}
{%- if CURATOR %}
- curator
{%- endif %}
{%- if KIBANA %}
- kibana
{%- endif %}
{%- if ELASTALERT %}
- elastalert
{%- endif %}
{%- if FILEBEAT %}
- filebeat
{%- endif %}
- utility
- schedule
{%- if FLEETMANAGER or FLEETNODE %}
@@ -370,11 +448,21 @@ base:
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
{%- if ELASTICSEARCH %}
- elasticsearch
{%- endif %}
{%- if LOGSTASH %}
- logstash
{%- endif %}
{%- if REDIS %}
- redis
{%- endif %}
{%- if CURATOR %}
- curator
{%- endif %}
{%- if FILEBEAT %}
- filebeat
{%- endif %}
{%- if STRELKA %}
- strelka
{%- endif %}
@@ -386,7 +474,9 @@ base:
{%- if ZEEKVER != 'SURICATA' %}
- zeek
{%- endif %}
{%- if FILEBEAT %}
- filebeat
{%- endif %}
- schedule
- docker_clean
@@ -417,9 +507,15 @@ base:
- idstools
- suricata.manager
- pcap
{%- if ELASTICSEARCH %}
- elasticsearch
{%- endif %}
{%- if KIBANA %}
- kibana
{%- endif %}
{%- if FILEBEAT %}
- filebeat
{%- endif %}
- utility
- suricata
- zeek

BIN
sigs/images/so-acng.sig Normal file
View File

Binary file not shown.